Bank pays for not acting to stop loss of stolen funds

Loss consumer suffered was not because of the compromise but due to his bank failing to act timeously

By Angelique Ardé - 16 May 2019 - 16:34

If you are a victim of fraud, your bank should help you mitigate your losses.

Scammers may trick you into installing malicious software that can capture your online banking username and password. Picture: 123RF

Banks expect you to wise up on banking scams so you don’t fall victim and compromise the security of your account.

But if you are a victim of fraud, your bank should help you mitigate your losses.

The Ombudsman for Banking Services found against a bank that failed to do this for a victim of online banking fraud after his online banking credentials were compromised through a “Microsoft scam”, the ombudman's latest annual report reveals.

The report doesn’t detail the scam, but the South African Banking Risk Information Centre (Sabric) details a technical support scam as being one where a scammer poses as a technical support assistant from a well-known company like Microsoft.

They tell you that they have detected viruses or other malware on your computer and trick you into installing software that gives them access to your computer remotely.

They may trick you into installing malicious software that can capture your online banking username and password or they install this remotely themselves. They may also ask you to pay them for their “services”.

In the case before the ombud, the fraudsters obtained access to the consumer’s online banking profile and used it to transfer R140,000 from his account to another bank.

The consumer reported the incident to his bank on November 25, 2017. But his bank told him the funds could not be recovered. The consumer was extremely unhappy and demanded a full refund.

During its investigation, the ombud found that the bank that received the money – the beneficiary bank – informed the consumer’s bank a number of times that it needed a South African Police Service case number and affidavit from the consumer, otherwise the hold it had put on the beneficiary account would be lifted.

The consumer’s bank did not inform him of this requirement resulting in the police case number and affidavit not being provided timeously. This resulted in the fraudster being able to withdraw all the funds.

The banking ombud found that although the consumer’s confidential banking credentials were compromised, the loss he suffered was not because of the compromise but was due to his bank failing to act on the request of the beneficiary bank and communicate its requirements to the consumer timeously.

Essentially, his bank was in a position to mitigate his loss and failed to do so. The banking ombud recommended that the consumer’s bank refund him, and his bank agreed.

“Consumers should report fraud to the bank timeously, and if the bank fails to take the necessary measures to mitigate the loss, the bank will be held liable,” the banking ombud’s annual report says.